CVE-2018-11177

HIGH

Quest Disk Backup < 4.0.3.1 - OS Command Injection

Title source: llm
STIX 2.1

Description

Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 35 of 46).

References (3)

Core 3
Core References
Mailing List, Third Party Advisory mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2018/May/71
Technical Description, Third Party Advisory x_refsource_misc
https://www.coresecurity.com/advisories/quest-dr-series-disk-backup-multiple-vulnerabilities

Scores

CVSS v3 8.8
EPSS 0.0460
EPSS Percentile 90.5%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-78
Status published
Products (1)
quest/disk_backup < 4.0.3.1
Published Jun 02, 2018
Tracked Since Feb 18, 2026